ASREPRoast
ASREPRoast is an attack against user accounts that have the "Do not require Kerberos preauthentication" attribute set. Because pre-authentication is disabled for such accounts, an attacker can send an AS-REQ for the user to the Domain Controller (DC) without knowing the user's password. The DC replies with an AS-REP whose encrypted part is protected with a key derived from the user's password; that ciphertext can be taken offline and cracked to recover the password.
The main requirements for this attack are:
Lack of Kerberos pre-authentication: Target users must not have this security feature enabled.
Connection to the Domain Controller (DC): Attackers need access to the DC to send requests and receive encrypted messages.
Optional domain account: Having a domain account allows attackers to more efficiently identify vulnerable users through LDAP queries. Without such an account, attackers must guess usernames.
AS-REP Roasting with Rubeus will generate a Windows Security event 4768 ("A Kerberos authentication ticket (TGT) was requested") with a ticket encryption type of 0x17 (RC4-HMAC) and a pre-authentication type of 0 (no pre-authentication), which is the indicator to alert on.
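As an added defender-side example (not code from the original page), the following Python triage routine applies the 4768 indicator above to constructed event records and handles the one benign case a naive rule would catch: a pre-authentication type of 0 together with Status 0x19 (KDC_ERR_PREAUTH_REQUIRED) is the first leg of every normal Windows logon, so only a successful issuance (Status 0x0) is flagged. The field names mirror the 4768 event XML; the record layout and sample values are assumptions.

```python
"""Flag Security event 4768 records consistent with AS-REP roasting.

Hypothetical helper, not from the original page. Records are constructed
dicts whose keys mirror the EventData fields of event 4768.
"""
from collections import defaultdict

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # Normal logon: AES256 TGT, PA-ENC-TIMESTAMP pre-auth (type 2)
    {"EventID": 4768, "TargetUserName": "alice", "TicketEncryptionType": "0x12",
     "PreAuthType": "2", "Status": "0x0", "IpAddress": "10.0.0.15"},
    # Benign first AS-REQ without pre-auth: KDC answers 0x19 and issues nothing
    {"EventID": 4768, "TargetUserName": "bob", "TicketEncryptionType": "0xffffffff",
     "PreAuthType": "0", "Status": "0x19", "IpAddress": "10.0.0.16"},
    # Roast indicator: RC4 TGT actually issued with no pre-authentication
    {"EventID": 4768, "TargetUserName": "svc_backup", "TicketEncryptionType": "0x17",
     "PreAuthType": "0", "Status": "0x0", "IpAddress": "10.0.0.99"},
    {"EventID": 4768, "TargetUserName": "svc_legacy", "TicketEncryptionType": "0x17",
     "PreAuthType": "0", "Status": "0x0", "IpAddress": "10.0.0.99"},
]

RC4_HMAC = 0x17      # etype requested by roasting tools: cheapest to crack
NO_PREAUTH = 0       # PreAuthType 0 = request carried no pre-auth data
KDC_SUCCESS = 0x0    # Status 0x0 = a TGT was issued


def is_asrep_roast_indicator(ev):
    """True when a 4768 shows a TGT issued without any pre-authentication."""
    if ev.get("EventID") != 4768:
        return False
    preauth = int(ev["PreAuthType"])
    status = int(ev["Status"], 16)
    # Require success: PreAuthType 0 with Status 0x19 is normal client behaviour.
    # AES etypes without pre-auth are still flagged here, at lower confidence,
    # because the account is roastable either way.
    return status == KDC_SUCCESS and preauth == NO_PREAUTH


def triage(events):
    """Group indicators by requesting IP: {ip: {"users": [...], "rc4": bool}}."""
    hits = defaultdict(lambda: {"users": [], "rc4": False})
    for ev in events:
        if not is_asrep_roast_indicator(ev):
            continue
        entry = hits[ev["IpAddress"]]
        entry["users"].append(ev["TargetUserName"])
        if int(ev["TicketEncryptionType"], 16) == RC4_HMAC:
            entry["rc4"] = True
    return dict(hits)
```

Several distinct users roasted from one source IP in a short window is the typical shape of a bulk Rubeus or Impacket run, so the per-IP grouping is what to alert on rather than single events.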
An attacker holding GenericAll (or the right to write properties) over a user object can set the "do not require pre-authentication" flag on that user, making the account ASREPRoastable even if it was not before.
An attacker in a man-in-the-middle position can capture AS-REP packets as they traverse the network, without relying on Kerberos pre-authentication being disabled for the target accounts; it therefore works against every user on the VLAN. A dedicated tool exists for this, and it additionally forces client workstations to use RC4 by altering the Kerberos negotiation, so the captured material is in the cheapest-to-crack form.